Apple prevents third-party hardware from hacking phones

Earlier this year, we reported on a third-party piece of hardware called the GrayKay, which was capable of connecting to your iPhone and working out its passcode. With this hardware, police forces could have gained access to your device without even needing you to hand over your password.

The device attracted a lot of controversy from security experts and members of the public when it became evident that the Police could use it to gather evidence. As a result, Apple seemingly set to work on blocking the device's access to their smartphones. Six months later, we're seeing that iOS 12 seems to have blocked GrayKey entirely, meaning that the Police can no longer use the device to gain evidence without consent.

An example of the GrayKey third-party device.

Preventing third-party access

We have previously discussed changes that were made in iOS 11, in July this year, which implemented USB Restricted Mode on iphones. This feature 'turns off' access to the lightning port connection if the iPhone has not been unlocked by its owner within the past hour. The intention for this change was so that police forces – or other third-parties – would be unable to connect the GrayKey or similar devices.

But it was only a matter of hours until security researchers had managed to break through this new security measure, essentially rendering it useless. And so Apple set about implementing additional changes to ensure that data could not be accessed without a passcode being handed over voluntarily.

Now, some security experts are completely stumped as to how Apple have managed to lock down the phone, with one saying: "No idea. It could be everything from better kernel protection to stronger configuration-profile installation restrictions". The kernel is the software layer of a computer that acts as the main controller of the OS, or operating system. As such, it handles actions such as the control and storage of passcodes.

A sample of the data that GrayKey could previously access.

With the GrayKey now being unable to establish the needed connection to extract the passcode data from an iPhone, it's likely security researchers will be trying to figure out how Apple have pulled this off. The company behind the controversial device has at least one former Apple engineer on staff, so it may only be a matter of time before they manage to get around this latest patch to the iPhone operating system.

Until then, iPhone users can breathe a sigh of relief providing their phones are up to date with the latest iOS update (12). That said, unless you're committing crimes or storing suspect information on your phone, then you should have nothing to worry about.